ID CVE-2023-28858
Summary redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.
Vulnerable Configurations
  • cpe:2.3:a:redis:redis-py:4.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.4.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redis:redis-py:4.3.5:*:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-193
Last major update 17-05-2023 - 17:07
Published 26-03-2023 - 19:15
Last modified 17-05-2023 - 17:07